start-vibing 3.0.1 → 3.0.2

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "start-vibing",
-	"version": "3.0.1",
+	"version": "3.0.2",
 	"description": "Setup Claude Code agents, skills, and hooks in your project. Smart copy that preserves your custom domains and configurations.",
 	"type": "module",
 	"bin": {

package/template/.claude/CLAUDE.md

@@ -49,35 +49,36 @@ If ONLY "Last Change" was modified but **significant** categorized source files
 
 ```
 .claude/
-├── agents/          # 82 specialized agents in 14 categories
-├── skills/          # 22 skill systems with cache
+├── agents/          # 6 active subagents (flat structure)
+│   └── _archive/    # 82+ archived agents (unused, kept for reference)
+├── skills/          # 23 skill systems with cache
 ├── scripts/         # Validation scripts (validate-claude-md.ts)
 ├── config/          # Project-specific configuration
-├── commands/        # Slash commands
+├── commands/        # Slash commands (feature, fix, research, validate)
 └── hooks/           # stop-validator.ts, user-prompt-submit.ts
 ```
 
 ---
 
-## MCP Servers (MANDATORY FOR AGENTS)
+## MCP Servers
 
-All agents MUST use these MCP servers when applicable:
+Available MCP servers and their usage:
 
-| Server                | Purpose                            | Use In Agents                           |
-| --------------------- | ---------------------------------- | --------------------------------------- |
-| `context7`            | Up-to-date library documentation   | research, analyzer, tester              |
-| `sequential-thinking` | Complex problem-solving            | orchestrator, analyzer, final-validator |
-| `memory`              | Persistent knowledge graph         | domain-updater, commit-manager          |
-| `playwright`          | Browser automation (via MCP tools, persistent sessions via `--user-data-dir`) | ui-ux-reviewer                          |
-| `nextjs-devtools`     | Next.js specific development tools | analyzer (Next.js projects)             |
-| `mongodb`             | MongoDB database operations        | tester, security-auditor                |
+| Server                | Purpose                            | Used By                                  |
+| --------------------- | ---------------------------------- | ---------------------------------------- |
+| `context7`            | Up-to-date library documentation   | research-web agent, direct use           |
+| `sequential-thinking` | Complex problem-solving            | Direct use for planning                  |
+| `memory`              | Persistent knowledge graph         | domain-updater agent, direct use         |
+| `playwright`          | Browser automation (`--user-data-dir` for persistent sessions) | Direct use for E2E testing  |
+| `nextjs-devtools`     | Next.js specific development tools | Direct use in Next.js projects           |
+| `mongodb`             | MongoDB database operations        | Direct use for DB queries                |
 
-### Agent MCP Usage Rules
+### MCP Usage Rules
 
-- **research agent**: MUST use `context7` for library docs before recommending patterns
-- **analyzer agent**: SHOULD use `context7` to verify current API patterns
-- **domain-updater**: SHOULD use `memory` to persist patterns across sessions
-- **ui-ux-reviewer**: MUST use `playwright` MCP tools to verify UI implementations
+- Use `context7` before implementing features with external libraries
+- Use `memory` to persist patterns across sessions
+- Use `playwright` for E2E testing (sessions persist via `--user-data-dir`)
+- Plugins handle security (security-guidance hook) and types (typescript-lsp) automatically
 
 ---
 
@@ -99,18 +100,26 @@ Project-specific settings are in `.claude/config/`:
 
 ## Agent → Skill Mapping
 
-| Agent            | Primary Skill      | Secondary                        |
-| ---------------- | ------------------ | -------------------------------- |
-| analyzer         | codebase-knowledge | -                                |
-| research         | research-cache     | codebase-knowledge               |
-| documenter       | docs-tracker       | codebase-knowledge               |
-| tester           | test-coverage      | -                                |
-| ui-ux-reviewer   | ui-ux-audit        | -                                |
-| security-auditor | security-scan      | -                                |
-| quality-checker  | quality-gate       | -                                |
-| final-validator  | final-check        | ALL                              |
-| commit-manager   | workflow-state     | docs-tracker, codebase-knowledge |
-| domain-updater   | codebase-knowledge | docs-tracker                     |
+### Active Subagents (6)
+
+| Agent              | Primary Skill      | Secondary          |
+| ------------------ | ------------------ | ------------------ |
+| research-web       | research-cache     | codebase-knowledge |
+| documenter         | docs-tracker       | codebase-knowledge |
+| domain-updater     | codebase-knowledge | docs-tracker       |
+| commit-manager     | workflow-state     | docs-tracker       |
+| claude-md-compactor| -                  | -                  |
+| tester-unit        | test-coverage      | -                  |
+
+### Plugins (replace archived agents)
+
+| Plugin             | Replaces Old Agent  | Mechanism         |
+| ------------------ | ------------------- | ----------------- |
+| security-guidance  | security-auditor    | PreToolUse hook   |
+| typescript-lsp     | ts-strict-checker   | LSP server        |
+| code-review        | code-reviewer       | /code-review cmd  |
+| frontend-design    | ui-ux-reviewer      | /frontend-design  |
+| commit-commands    | commit-manager (PR) | /commit cmd       |
 
 ---
 
@@ -121,16 +130,15 @@ Project-specific settings are in `.claude/config/`:
 1. **Read config** from `.claude/config/` for project specifics
 2. Read relevant skill SKILL.md file
 3. Check skill cache for existing data
-4. Research if needed (web search)
+4. Research if needed (research-web agent or web search)
 
 ### After implementation:
 
 1. Update skill cache with changes
-2. Run quality gates + record results
-3. Security audit (if auth/data involved)
-4. Final validation
-5. **Update domains** via domain-updater agent (BEFORE commit, keeps git clean)
-6. **Commit** via commit-manager agent (FINAL step)
+2. Run quality gates (bun run typecheck && lint && test)
+3. Security handled automatically by security-guidance plugin (PreToolUse hook)
+4. **Update domains** via domain-updater agent (BEFORE commit, keeps git clean)
+5. **Commit** via commit-manager agent (FINAL step)
 
 ---
 
@@ -208,14 +216,15 @@ export const usersApi = {
 
 ---
 
-## VETO Power Agents
+## Enforcement Mechanisms
 
-These agents CAN and MUST stop the flow if rules are violated:
+What blocks the flow if rules are violated:
 
-| Agent                | Blocks When                                         |
-| -------------------- | --------------------------------------------------- |
-| **security-auditor** | User ID from request, sensitive data, no validation |
-| **final-validator**  | Any rule violated, tests failing, docs missing      |
+| Mechanism                   | Type           | Blocks When                                         |
+| --------------------------- | -------------- | --------------------------------------------------- |
+| **security-guidance plugin** | PreToolUse hook | Sensitive data exposure, missing validation, OWASP   |
+| **stop-validator hook**      | Stop hook       | Branch not main, uncommitted changes, docs missing   |
+| **quality gates**            | Manual / CI     | Typecheck, lint, or test failures                    |
 
 ---
 
@@ -223,15 +232,15 @@ These agents CAN and MUST stop the flow if rules are violated:
 
 All implementations MUST:
 
-- [ ] Pass typecheck (command from config)
-- [ ] Pass lint (command from config)
-- [ ] Pass unit tests (command from config)
-- [ ] Pass build (command from config)
+- [ ] Pass typecheck (`bun run typecheck`)
+- [ ] Pass lint (`bun run lint`)
+- [ ] Pass unit tests (`bun run test`)
+- [ ] Pass build (`bun run build`)
 - [ ] Use Playwright MCP for browser testing when needed
-- [ ] Have documentation in `docs/`
-- [ ] Be security audited
+- [ ] Have documentation updated (documenter agent)
+- [ ] Security validated by security-guidance plugin (automatic via hook)
 - [ ] Be committed with conventional commits
-- [ ] Have domains updated with session learnings
+- [ ] Have domains updated with session learnings (domain-updater agent)
 
 ---
 
@@ -385,18 +394,18 @@ The **domain-updater** runs BEFORE commit-manager to ensure git stays clean.
 
 ### Trigger
 
-Runs automatically:
+Runs in the workflow:
 
-1. After final-validator approves in any workflow
+1. AFTER implementation and quality gates pass
 2. BEFORE commit-manager (so changes are included in commit)
-3. Stop hook blocks session end until domain-updater executes (if files were modified)
+3. Stop hook blocks session end until domains are updated (if source files were modified)
 
 ### Workflow Order
 
 ```
-final-validator → domain-updater → commit-manager → complete-task
-                       ↑                    ↑
-              (updates domains)    (commits all + archives)
+implement → quality gates → domain-updater → commit-manager → complete-task
+                                  ↑                  ↑
+                         (updates domains)  (commits all changes)
 ```
 
 ### Configuration